package org.apache.hadoop.security.token.delegation;

import java.io.ByteArrayInputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.DataOutput;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.io.DataInputBuffer;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.util.Daemon;
import org.apache.hadoop.util.Time;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/security/token/delegation/TestDelegationToken.class */
public class TestDelegationToken {
    private static final Log LOG = LogFactory.getLog(TestDelegationToken.class);
    private static final Text KIND = new Text("MY KIND");

    /* loaded from: input_file:org/apache/hadoop/security/token/delegation/TestDelegationToken$TestDelegationTokenIdentifier.class */
    public static class TestDelegationTokenIdentifier extends AbstractDelegationTokenIdentifier implements Writable {
        public TestDelegationTokenIdentifier() {
        }

        public TestDelegationTokenIdentifier(Text text, Text text2, Text text3) {
            super(text, text2, text3);
        }

        public Text getKind() {
            return TestDelegationToken.KIND;
        }

        public void write(DataOutput dataOutput) throws IOException {
            super.write(dataOutput);
        }

        public void readFields(DataInput dataInput) throws IOException {
            super.readFields(dataInput);
        }
    }

    /* loaded from: input_file:org/apache/hadoop/security/token/delegation/TestDelegationToken$TestDelegationTokenSecretManager.class */
    public static class TestDelegationTokenSecretManager extends AbstractDelegationTokenSecretManager<TestDelegationTokenIdentifier> {
        public boolean isStoreNewMasterKeyCalled;
        public boolean isRemoveStoredMasterKeyCalled;
        public boolean isStoreNewTokenCalled;
        public boolean isRemoveStoredTokenCalled;
        public boolean isUpdateStoredTokenCalled;

        public TestDelegationTokenSecretManager(long j, long j2, long j3, long j4) {
            super(j, j2, j3, j4);
            this.isStoreNewMasterKeyCalled = false;
            this.isRemoveStoredMasterKeyCalled = false;
            this.isStoreNewTokenCalled = false;
            this.isRemoveStoredTokenCalled = false;
            this.isUpdateStoredTokenCalled = false;
        }

        /* renamed from: createIdentifier, reason: merged with bridge method [inline-methods] */
        public TestDelegationTokenIdentifier m423createIdentifier() {
            return new TestDelegationTokenIdentifier();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public byte[] createPassword(TestDelegationTokenIdentifier testDelegationTokenIdentifier) {
            return super.createPassword(testDelegationTokenIdentifier);
        }

        protected void storeNewMasterKey(DelegationKey delegationKey) throws IOException {
            this.isStoreNewMasterKeyCalled = true;
            super.storeNewMasterKey(delegationKey);
        }

        protected void removeStoredMasterKey(DelegationKey delegationKey) {
            this.isRemoveStoredMasterKeyCalled = true;
            Assert.assertFalse(delegationKey.equals(this.allKeys.get(Integer.valueOf(this.currentId))));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void storeNewToken(TestDelegationTokenIdentifier testDelegationTokenIdentifier, long j) throws IOException {
            super.storeNewToken(testDelegationTokenIdentifier, j);
            this.isStoreNewTokenCalled = true;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void removeStoredToken(TestDelegationTokenIdentifier testDelegationTokenIdentifier) throws IOException {
            super.removeStoredToken(testDelegationTokenIdentifier);
            this.isRemoveStoredTokenCalled = true;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void updateStoredToken(TestDelegationTokenIdentifier testDelegationTokenIdentifier, long j) throws IOException {
            super.updateStoredToken(testDelegationTokenIdentifier, j);
            this.isUpdateStoredTokenCalled = true;
        }

        public byte[] createPassword(TestDelegationTokenIdentifier testDelegationTokenIdentifier, DelegationKey delegationKey) {
            return SecretManager.createPassword(testDelegationTokenIdentifier.getBytes(), delegationKey.getKey());
        }

        public Map<TestDelegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation> getAllTokens() {
            return this.currentTokens;
        }

        public DelegationKey getKey(TestDelegationTokenIdentifier testDelegationTokenIdentifier) {
            return (DelegationKey) this.allKeys.get(Integer.valueOf(testDelegationTokenIdentifier.getMasterKeyId()));
        }
    }

    /* loaded from: input_file:org/apache/hadoop/security/token/delegation/TestDelegationToken$TokenSelector.class */
    public static class TokenSelector extends AbstractDelegationTokenSelector<TestDelegationTokenIdentifier> {
        protected TokenSelector() {
            super(TestDelegationToken.KIND);
        }
    }

    @Test
    public void testSerialization() throws Exception {
        TestDelegationTokenIdentifier testDelegationTokenIdentifier = new TestDelegationTokenIdentifier(new Text("alice"), new Text("bob"), new Text("colin"));
        TestDelegationTokenIdentifier testDelegationTokenIdentifier2 = new TestDelegationTokenIdentifier();
        testDelegationTokenIdentifier.setIssueDate(123L);
        testDelegationTokenIdentifier.setMasterKeyId(321);
        testDelegationTokenIdentifier.setMaxDate(314L);
        testDelegationTokenIdentifier.setSequenceNumber(12345);
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer();
        testDelegationTokenIdentifier.write(dataOutputBuffer);
        dataInputBuffer.reset(dataOutputBuffer.getData(), 0, dataOutputBuffer.getLength());
        testDelegationTokenIdentifier2.readFields(dataInputBuffer);
        Assert.assertEquals("alice", testDelegationTokenIdentifier2.getUser().getUserName());
        Assert.assertEquals(new Text("bob"), testDelegationTokenIdentifier2.getRenewer());
        Assert.assertEquals("colin", testDelegationTokenIdentifier2.getUser().getRealUser().getUserName());
        Assert.assertEquals(123L, testDelegationTokenIdentifier2.getIssueDate());
        Assert.assertEquals(321L, testDelegationTokenIdentifier2.getMasterKeyId());
        Assert.assertEquals(314L, testDelegationTokenIdentifier2.getMaxDate());
        Assert.assertEquals(12345L, testDelegationTokenIdentifier2.getSequenceNumber());
        Assert.assertEquals(testDelegationTokenIdentifier, testDelegationTokenIdentifier2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Token<TestDelegationTokenIdentifier> generateDelegationToken(TestDelegationTokenSecretManager testDelegationTokenSecretManager, String str, String str2) {
        return new Token<>(new TestDelegationTokenIdentifier(new Text(str), new Text(str2), null), testDelegationTokenSecretManager);
    }

    private void shouldThrow(PrivilegedExceptionAction<Object> privilegedExceptionAction, Class<? extends Throwable> cls) {
        try {
            privilegedExceptionAction.run();
            Assert.fail("action did not throw " + cls);
        } catch (Throwable th) {
            LOG.info("Caught an exception: ", th);
            Assert.assertEquals("action threw wrong exception", cls, th.getClass());
        }
    }

    @Test
    public void testGetUserNullOwner() {
        Assert.assertNull(new TestDelegationTokenIdentifier(null, null, null).getUser());
    }

    @Test
    public void testGetUserWithOwner() {
        UserGroupInformation user = new TestDelegationTokenIdentifier(new Text("owner"), null, null).getUser();
        Assert.assertNull(user.getRealUser());
        Assert.assertEquals("owner", user.getUserName());
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, user.getAuthenticationMethod());
    }

    @Test
    public void testGetUserWithOwnerEqualsReal() {
        Text text = new Text("owner");
        UserGroupInformation user = new TestDelegationTokenIdentifier(text, null, text).getUser();
        Assert.assertNull(user.getRealUser());
        Assert.assertEquals("owner", user.getUserName());
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, user.getAuthenticationMethod());
    }

    @Test
    public void testGetUserWithOwnerAndReal() {
        UserGroupInformation user = new TestDelegationTokenIdentifier(new Text("owner"), null, new Text("realUser")).getUser();
        Assert.assertNotNull(user.getRealUser());
        Assert.assertNull(user.getRealUser().getRealUser());
        Assert.assertEquals("owner", user.getUserName());
        Assert.assertEquals("realUser", user.getRealUser().getUserName());
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.PROXY, user.getAuthenticationMethod());
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, user.getRealUser().getAuthenticationMethod());
    }

    @Test
    public void testDelegationTokenSecretManager() throws Exception {
        final TestDelegationTokenSecretManager testDelegationTokenSecretManager = new TestDelegationTokenSecretManager(86400000L, 3000L, 1000L, 3600000L);
        try {
            testDelegationTokenSecretManager.startThreads();
            final Token<TestDelegationTokenIdentifier> generateDelegationToken = generateDelegationToken(testDelegationTokenSecretManager, "SomeUser", "JobTracker");
            Assert.assertTrue(testDelegationTokenSecretManager.isStoreNewTokenCalled);
            shouldThrow(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.token.delegation.TestDelegationToken.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    testDelegationTokenSecretManager.renewToken(generateDelegationToken, "FakeRenewer");
                    return null;
                }
            }, AccessControlException.class);
            long renewToken = testDelegationTokenSecretManager.renewToken(generateDelegationToken, "JobTracker");
            Assert.assertTrue(testDelegationTokenSecretManager.isUpdateStoredTokenCalled);
            Assert.assertTrue("renew time is in future", renewToken > Time.now());
            TestDelegationTokenIdentifier testDelegationTokenIdentifier = new TestDelegationTokenIdentifier();
            testDelegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(generateDelegationToken.getIdentifier())));
            Assert.assertTrue(null != testDelegationTokenSecretManager.retrievePassword(testDelegationTokenIdentifier));
            LOG.info("Sleep to expire the token");
            Thread.sleep(2000L);
            try {
                testDelegationTokenSecretManager.retrievePassword(testDelegationTokenIdentifier);
                Assert.fail("Token should have expired");
            } catch (SecretManager.InvalidToken e) {
            }
            testDelegationTokenSecretManager.renewToken(generateDelegationToken, "JobTracker");
            LOG.info("Sleep beyond the max lifetime");
            Thread.sleep(2000L);
            shouldThrow(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.token.delegation.TestDelegationToken.2
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    testDelegationTokenSecretManager.renewToken(generateDelegationToken, "JobTracker");
                    return null;
                }
            }, SecretManager.InvalidToken.class);
            testDelegationTokenSecretManager.stopThreads();
        } catch (Throwable th) {
            testDelegationTokenSecretManager.stopThreads();
            throw th;
        }
    }

    @Test
    public void testCancelDelegationToken() throws Exception {
        final TestDelegationTokenSecretManager testDelegationTokenSecretManager = new TestDelegationTokenSecretManager(86400000L, 10000L, 1000L, 3600000L);
        try {
            testDelegationTokenSecretManager.startThreads();
            final Token<TestDelegationTokenIdentifier> generateDelegationToken = generateDelegationToken(testDelegationTokenSecretManager, "SomeUser", "JobTracker");
            shouldThrow(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.token.delegation.TestDelegationToken.3
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    testDelegationTokenSecretManager.renewToken(generateDelegationToken, "FakeCanceller");
                    return null;
                }
            }, AccessControlException.class);
            testDelegationTokenSecretManager.cancelToken(generateDelegationToken, "JobTracker");
            Assert.assertTrue(testDelegationTokenSecretManager.isRemoveStoredTokenCalled);
            shouldThrow(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.token.delegation.TestDelegationToken.4
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    testDelegationTokenSecretManager.renewToken(generateDelegationToken, "JobTracker");
                    return null;
                }
            }, SecretManager.InvalidToken.class);
            testDelegationTokenSecretManager.stopThreads();
        } catch (Throwable th) {
            testDelegationTokenSecretManager.stopThreads();
            throw th;
        }
    }

    @Test(timeout = 10000)
    public void testRollMasterKey() throws Exception {
        TestDelegationTokenSecretManager testDelegationTokenSecretManager = new TestDelegationTokenSecretManager(800L, 800L, 1000L, 3600000L);
        try {
            testDelegationTokenSecretManager.startThreads();
            Token<TestDelegationTokenIdentifier> generateDelegationToken = generateDelegationToken(testDelegationTokenSecretManager, "SomeUser", "JobTracker");
            byte[] password = generateDelegationToken.getPassword();
            int length = testDelegationTokenSecretManager.getAllKeys().length;
            testDelegationTokenSecretManager.rollMasterKey();
            Assert.assertTrue(testDelegationTokenSecretManager.isStoreNewMasterKeyCalled);
            Assert.assertEquals(Boolean.valueOf(testDelegationTokenSecretManager.getAllKeys().length - length >= 1), true);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(generateDelegationToken.getIdentifier());
            TestDelegationTokenIdentifier m423createIdentifier = testDelegationTokenSecretManager.m423createIdentifier();
            m423createIdentifier.readFields(new DataInputStream(byteArrayInputStream));
            Assert.assertEquals(password, testDelegationTokenSecretManager.retrievePassword(m423createIdentifier));
            while (!testDelegationTokenSecretManager.isRemoveStoredMasterKeyCalled) {
                Thread.sleep(200L);
            }
        } finally {
            testDelegationTokenSecretManager.stopThreads();
        }
    }

    @Test
    public void testDelegationTokenSelector() throws Exception {
        TestDelegationTokenSecretManager testDelegationTokenSecretManager = new TestDelegationTokenSecretManager(86400000L, 10000L, 1000L, 3600000L);
        try {
            testDelegationTokenSecretManager.startThreads();
            AbstractDelegationTokenSelector abstractDelegationTokenSelector = new AbstractDelegationTokenSelector(KIND);
            Token<TestDelegationTokenIdentifier> generateDelegationToken = generateDelegationToken(testDelegationTokenSecretManager, "SomeUser1", "JobTracker");
            generateDelegationToken.setService(new Text("MY-SERVICE1"));
            Token<TestDelegationTokenIdentifier> generateDelegationToken2 = generateDelegationToken(testDelegationTokenSecretManager, "SomeUser2", "JobTracker");
            generateDelegationToken2.setService(new Text("MY-SERVICE2"));
            ArrayList arrayList = new ArrayList();
            arrayList.add(generateDelegationToken);
            arrayList.add(generateDelegationToken2);
            Assert.assertEquals(abstractDelegationTokenSelector.selectToken(new Text("MY-SERVICE1"), arrayList), generateDelegationToken);
            testDelegationTokenSecretManager.stopThreads();
        } catch (Throwable th) {
            testDelegationTokenSecretManager.stopThreads();
            throw th;
        }
    }

    @Test
    public void testParallelDelegationTokenCreation() throws Exception {
        final TestDelegationTokenSecretManager testDelegationTokenSecretManager = new TestDelegationTokenSecretManager(2000L, 86400000L, 604800000L, 2000L);
        try {
            testDelegationTokenSecretManager.startThreads();
            Thread[] threadArr = new Thread[100];
            for (int i = 0; i < 100; i++) {
                threadArr[i] = new Daemon(new Runnable() { // from class: org.apache.hadoop.security.token.delegation.TestDelegationToken.1tokenIssuerThread
                    @Override // java.lang.Runnable
                    public void run() {
                        for (int i2 = 0; i2 < 100; i2++) {
                            TestDelegationToken.this.generateDelegationToken(testDelegationTokenSecretManager, "auser", "arenewer");
                            try {
                                Thread.sleep(250L);
                            } catch (Exception e) {
                            }
                        }
                    }
                });
                threadArr[i].start();
            }
            for (int i2 = 0; i2 < 100; i2++) {
                threadArr[i2].join();
            }
            Map<TestDelegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation> allTokens = testDelegationTokenSecretManager.getAllTokens();
            Assert.assertEquals(100 * 100, allTokens.size());
            for (TestDelegationTokenIdentifier testDelegationTokenIdentifier : allTokens.keySet()) {
                Assert.assertTrue(allTokens.get(testDelegationTokenIdentifier) != null);
                DelegationKey key = testDelegationTokenSecretManager.getKey(testDelegationTokenIdentifier);
                Assert.assertTrue(key != null);
                byte[] retrievePassword = testDelegationTokenSecretManager.retrievePassword(testDelegationTokenIdentifier);
                byte[] createPassword = testDelegationTokenSecretManager.createPassword(testDelegationTokenIdentifier, key);
                Assert.assertTrue(Arrays.equals(createPassword, retrievePassword));
                testDelegationTokenSecretManager.verifyToken(testDelegationTokenIdentifier, createPassword);
            }
        } finally {
            testDelegationTokenSecretManager.stopThreads();
        }
    }

    @Test
    public void testDelegationTokenNullRenewer() throws Exception {
        TestDelegationTokenSecretManager testDelegationTokenSecretManager = new TestDelegationTokenSecretManager(86400000L, 10000L, 1000L, 3600000L);
        testDelegationTokenSecretManager.startThreads();
        Token token = new Token(new TestDelegationTokenIdentifier(new Text("theuser"), null, null), testDelegationTokenSecretManager);
        Assert.assertTrue(token != null);
        try {
            testDelegationTokenSecretManager.renewToken(token, "");
            Assert.fail("Renewal must not succeed");
        } catch (IOException e) {
        }
    }

    private boolean testDelegationTokenIdentiferSerializationRoundTrip(Text text, Text text2, Text text3) throws IOException {
        TestDelegationTokenIdentifier testDelegationTokenIdentifier = new TestDelegationTokenIdentifier(text, text2, text3);
        DataOutput dataOutputBuffer = new DataOutputBuffer();
        testDelegationTokenIdentifier.writeImpl(dataOutputBuffer);
        DataInput dataInputBuffer = new DataInputBuffer();
        dataInputBuffer.reset(dataOutputBuffer.getData(), dataOutputBuffer.getLength());
        try {
            TestDelegationTokenIdentifier testDelegationTokenIdentifier2 = new TestDelegationTokenIdentifier();
            testDelegationTokenIdentifier2.readFields(dataInputBuffer);
            Assert.assertTrue(testDelegationTokenIdentifier.equals(testDelegationTokenIdentifier2));
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    @Test
    public void testSimpleDtidSerialization() throws IOException {
        Assert.assertTrue(testDelegationTokenIdentiferSerializationRoundTrip(new Text("owner"), new Text("renewer"), new Text("realUser")));
        Assert.assertTrue(testDelegationTokenIdentiferSerializationRoundTrip(new Text(""), new Text(""), new Text("")));
        Assert.assertTrue(testDelegationTokenIdentiferSerializationRoundTrip(new Text(""), new Text("b"), new Text("")));
    }

    @Test
    public void testOverlongDtidSerialization() throws IOException {
        byte[] bArr = new byte[1048577];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = 0;
        }
        Assert.assertFalse(testDelegationTokenIdentiferSerializationRoundTrip(new Text(bArr), new Text("renewer"), new Text("realUser")));
        Assert.assertFalse(testDelegationTokenIdentiferSerializationRoundTrip(new Text("owner"), new Text(bArr), new Text("realUser")));
        Assert.assertFalse(testDelegationTokenIdentiferSerializationRoundTrip(new Text("owner"), new Text("renewer"), new Text(bArr)));
    }

    @Test
    public void testDelegationKeyEqualAndHash() {
        DelegationKey delegationKey = new DelegationKey(1111, 2222L, "keyBytes".getBytes());
        DelegationKey delegationKey2 = new DelegationKey(1111, 2222L, "keyBytes".getBytes());
        DelegationKey delegationKey3 = new DelegationKey(3333, 2222L, "keyBytes".getBytes());
        Assert.assertEquals(delegationKey, delegationKey2);
        Assert.assertFalse(delegationKey2.equals(delegationKey3));
    }

    @Test
    public void testEmptyToken() throws IOException {
        Token token = new Token();
        Token token2 = new Token(new byte[0], new byte[0], new Text(), new Text());
        Assert.assertEquals(token, token2);
        Assert.assertEquals(token.encodeToUrlString(), token2.encodeToUrlString());
        Token token3 = new Token((byte[]) null, (byte[]) null, (Text) null, (Text) null);
        Assert.assertEquals(token, token3);
        Assert.assertEquals(token.encodeToUrlString(), token3.encodeToUrlString());
    }
}
